2.2.1.2.1 Message Syntax for XML-Based Wireless Profiles

An XML-based WLAN profile is packed as a single XML string that MUST be constructed according to the XML schema as specified in Appendix A section 6.3.1. In accordance with this schema, primitive data types are defined by the World Wide Web Consortium's XML schema. For more information, see [XMLSCHEMA].

name: A user-friendly name of the wireless profile specified by the wireless profile XML string.

SSID: The WLAN network name, also known as the SSID, as specified in [IEEE802.11-2007].

nonBroadcast: A true/false Boolean field; if true, the domain treats the wireless network as a nonbroadcast network.

connectionType: The type of network to connect to while using this wireless profile. This value MUST be one of the following:

  • IBSS: The wireless network is an ad hoc network.

  • ESS: The wireless network is an infrastructure network.

connectionMode: Specifies when the domain client is to connect to a wireless network. This value MUST be one of the following:

  • auto: Attempt to connect to the network occurs automatically whenever the network is in range.

  • manual: Connection to the network occurs only if the user has explicitly requested it.

autoSwitch: Specifies whether a connection to a more preferred network is attempted while already connected to a network. A more preferred network is one that is ordered higher in the list of preferred wireless networks.

phyType: The IEEE 802.11 physical type that a domain client uses while connected to this wireless network. This value MUST be one of the following:

  • a: refers to LAN protocol IEEE 802.11a-1999

  • b: refers to LAN protocol IEEE 802.11b-1999

  • g: refers to LAN protocol IEEE 802.11g-2003

  • n: refers to LAN protocol IEEE 802.11n-2009

  • ac: refers to LAN protocol IEEE 802.11ac-2013

  • ax: refers to LAN protocol IEEE 802.11ax

authentication: The type of 802.11 authentication the domain client uses for connecting to the WLAN. This value MUST be one of the following:

  • open: Open 802.11 authentication

  • shared: Shared 802.11 authentication

  • WPA: WPA-Enterprise 802.11 authentication

  • WPAPSK: WPA-Personal 802.11 authentication

  • WPA2: WPA2-Enterprise 802.11 authentication

  • WPA2PSK: WPA2-Personal 802.11 authentication

For information on 802.11 authentication methods, see [IEEE802.1X] and [IEEE802.11i].

encryption: The type of 802.11 encryption algorithm used by domain clients for connecting to this WLAN. This field MUST have one of the following values:

  • none: Encryption disabled

  • WEP: Wired Equivalent Privacy

  • TKIP: Temporal Key Integrity Protocol

  • AES: Advanced Encryption Standard

For more information on encryption methods, see [IEEE802.11-2007] and [IEEE802.11i].

PMKCacheMode: The mode that the domain client uses for IEEE 802.11i PMK caching capability while connecting to a network. This value MUST be one of the following:

Details on PMK caching are specified in [IEEE802.11i].

PMKCacheTTL: The maximum lifetime, in seconds, of PMK cache entries that a domain client is to maintain while performing IEEE 802.11i PMK caching for a wireless network.

PMKCacheSize: The maximum number of entries that a domain client is to maintain while performing IEEE 802.11i PMK caching for a wireless network.

PreAuthMode: The IEEE 802.11i pre-authentication mode that the domain client uses to invoke any IEEE 802.11i pre-authentication capability while connecting to the wireless network. This value MUST be one of the following:

  • disabled: Pre-authentication is disabled.

  • enabled: Pre-authentication is enabled.

Details on pre-authentication are as specified in [IEEE802.11i].

PreAuthThrottle: The IEEE 802.11i pre-authentication throttle, that is, the maximum number of IEEE 802.11i pre-authentication attempts that a domain client is to perform while staying associated with an access point.

useOneX: A Boolean value; if set to TRUE, the domain clients use IEEE 802.1X authentication protocol to authenticate with the WLAN; otherwise, set to FALSE. If set to TRUE, the security element MUST contain a child element OneX, formed according to the XML schema as specified in Appendix A section 6.5.

FIPSMode: A Boolean value; if set to TRUE, the domain clients use cryptographic modules that are compliant with FIPS 140-2 [FIPS140] requirements while performing cryptographic operations to connect to the WLAN.

heldPeriod: This value MUST be defined as per the HeldPeriod parameter, as specified in [IEEE802.1X].

authPeriod: This value MUST be defined as per the AuthPeriod parameter, as specified in [IEEE802.1X].

startPeriod: This value MUST be defined in accordance with the StartPeriod parameter, as specified in [IEEE802.1X].

maxStart: This value MUST be defined in accordance with the MaxStart parameter, as specified in [IEEE802.1X].

maxAuthFailures: The number of times a wireless connection component on the domain client attempts IEEE 802.1X authentication in spite of failures.

supplicantMode: The transmission behavior of the EAPOL-Start message for domain clients when they authenticate to a WLAN using IEEE 802.1X [IEEE802.1X]. This value MUST be one of the following:

  • inhibitTransmission: EAPOL-Start messages are not sent.

  • includeLearning: Client determines when to send EAPOL-Start messages based on network capability: an EAPOL-Start message is sent if needed.

  • compliant: Transmit per IEEE 802.1X. An EAPOL-Start message is sent upon association to initiate the IEEE 802.1X authentication process.

authMode: The way in which the domain client uses computer or user credentials while performing IEEE 802.1X authentication. This value MUST be one of the following:

  • machineOrUser: When users are not logged on to the domain computer, IEEE 802.1X authentication is performed using the computer credentials. After a user logs on to the computer, authentication is performed using the user credentials. When a user logs off the computer, authentication is performed with the computer credentials.

  • machine: Authentication is always to be performed by using the computer credentials. User authentication is never performed.

  • user: When users are not logged on to the domain computer, IEEE 802.1X authentication is performed using the computer credentials. After a user logs on to the computer, authentication is maintained with the computer credentials. If a user failed to connect to the network previously, IEEE 802.1X authentication is performed using the user credentials.

  • guest: Specifies that the domain client performs IEEE 802.1X authentication with guest credentials.

EAPConfig: The EAP configuration used by the domain client while performing IEEE 802.1X authentication, as specified in [RFC3748]. The content of this element is specified in section 2.2.3.2.<9>

MacRandomization: Settings that govern MAC address randomization on this profile.<10>

  • enableRandomization: A Boolean value; if set to TRUE, MAC address randomization will be enabled when connecting to this profile. If set to FALSE, MAC address randomization will not be enabled.

  • randomizeEveryday: A Boolean value; if TRUE, a different random MAC address will be used each day when connecting to this profile. If FALSE, the same random MAC address will be used for each connection to this profile.

  • randomizationSeed: A profile-specific seed used to generate the random MAC address or addresses.

See section 6.3.3 for additional information.

transitionMode: Specifies whether or not this is a transition mode profile. In general, transition mode profiles allow for connections between next- and previous-generation Wi-Fi networks. Specific transition mode behavior is defined on a per-feature basis; for example, for WPA2/WPA3 transition mode the behavior is defined in the [Wi-FiWPA33] specification.<11>

See section 6.3.4 for additional information.

QoSDSCPToUPMappingAllowed: A Boolean value; if set to TRUE, DSCP To UP Mapping, as specified in [Wi-FiQoS], will be allowed when connecting to this profile.<12> When FALSE (default), DSCP To UP Mapping will not be allowed.

See section 6.3.5 for additional information.
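The following validator is an added example and is not part of this specification or of any Microsoft implementation. It applies the MUST rules of this section to a profile XML string (enumerated values, xs:boolean fields, and the requirement that useOneX=TRUE be accompanied by a OneX child of the security element) and adds defender-side warnings for settings that are legal but weak (open or shared authentication, none/WEP/TKIP encryption, FIPSMode combined with a non-AES cipher). The element nesting (WLANProfile > SSIDConfig > SSID, MSM > security > authEncryption, OneX under security), the namespace URI, the WPA/cipher pairing rule, and both sample profiles are assumptions constructed for this example; the section itself only names the fields.

```python
import xml.etree.ElementTree as ET

# Element nesting and namespace below are ASSUMED from the Windows WLANProfile
# layout; the section defines the fields, not their placement.
NS = "http://www.microsoft.com/networking/WLAN/profile/v1"

ENUMS = {  # values listed in section 2.2.1.2.1
    "connectionType": {"IBSS", "ESS"},
    "connectionMode": {"auto", "manual"},
    "phyType": {"a", "b", "g", "n", "ac", "ax"},
    "authentication": {"open", "shared", "WPA", "WPAPSK", "WPA2", "WPA2PSK"},
    "encryption": {"none", "WEP", "TKIP", "AES"},
    "PreAuthMode": {"disabled", "enabled"},
    "supplicantMode": {"inhibitTransmission", "includeLearning", "compliant"},
    "authMode": {"machineOrUser", "machine", "user", "guest"},
}
BOOLEANS = {"nonBroadcast", "autoSwitch", "useOneX", "FIPSMode", "enableRandomization",
            "randomizeEveryday", "QoSDSCPToUPMappingAllowed"}
TRUE, FALSE = {"true", "1"}, {"false", "0"}   # xs:boolean lexical forms
WEAK_AUTH = {"open", "shared"}                 # no 802.1X/WPA key management
WEAK_ENC = {"none", "WEP", "TKIP"}             # no cipher, or RC4-based ciphers


def _local(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]


def validate_profile(xml_text):
    """Return {"errors": [...], "warnings": [...]} for one profile XML string."""
    root = ET.fromstring(xml_text)
    errors, warnings = [], []
    values = {}  # local element name -> list of text values seen
    for el in root.iter():
        values.setdefault(_local(el.tag), []).append((el.text or "").strip())

    # 1. Enumerated fields MUST carry one of the listed values.
    for field, allowed in ENUMS.items():
        for text in values.get(field, []):
            if text not in allowed:
                errors.append(f"{field}: '{text}' is not one of {sorted(allowed)}")

    # 2. Boolean fields MUST be xs:boolean.
    for field in sorted(BOOLEANS):
        for text in values.get(field, []):
            if text not in TRUE | FALSE:
                errors.append(f"{field}: '{text}' is not an xs:boolean")

    # 3. useOneX=TRUE requires a OneX child of the security element (section text).
    for sec in (el for el in root.iter() if _local(el.tag) == "security"):
        wants_onex = any(_local(c.tag) == "useOneX" and (c.text or "").strip() in TRUE
                         for c in sec.iter())
        if wants_onex and not any(_local(c.tag) == "OneX" for c in sec):
            errors.append("useOneX is TRUE but the security element has no OneX child")

    auth, enc = values.get("authentication", []), values.get("encryption", [])

    # 4. ASSUMPTION of this example: WPA-family authentication needs TKIP or AES.
    if any(a.startswith("WPA") for a in auth) and any(e in {"none", "WEP"} for e in enc):
        errors.append("WPA-family authentication paired with 'none' or 'WEP' encryption")

    # 5. Defender-side warnings: schema-legal but weak settings.
    warnings += [f"authentication '{a}' offers no key management" for a in auth if a in WEAK_AUTH]
    warnings += [f"encryption '{e}' is deprecated; prefer AES" for e in enc if e in WEAK_ENC]
    if any(t in TRUE for t in values.get("FIPSMode", [])) and any(e != "AES" for e in enc):
        warnings.append("FIPSMode is TRUE but the cipher is not AES (WEP/TKIP are RC4-based)")

    return {"errors": errors, "warnings": warnings}


# Constructed sample: enterprise profile that satisfies every rule above.
STRONG_PROFILE = f"""<WLANProfile xmlns="{NS}">
  <name>corp-wifi</name>
  <SSIDConfig><SSID><name>corp-wifi</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig>
  <connectionType>ESS</connectionType><connectionMode>auto</connectionMode>
  <autoSwitch>false</autoSwitch>
  <MSM><security>
    <authEncryption><authentication>WPA2</authentication><encryption>AES</encryption>
      <useOneX>true</useOneX><FIPSMode>true</FIPSMode></authEncryption>
    <PreAuthMode>enabled</PreAuthMode>
    <OneX><authMode>machineOrUser</authMode><supplicantMode>compliant</supplicantMode></OneX>
  </security></MSM>
</WLANProfile>"""

# Constructed sample: legacy profile with a bad enum, a missing OneX child and weak crypto.
WEAK_PROFILE = f"""<WLANProfile xmlns="{NS}">
  <name>guest-legacy</name>
  <SSIDConfig><SSID><name>guest-legacy</name></SSID></SSIDConfig>
  <connectionType>ESS</connectionType><connectionMode>automatic</connectionMode>
  <MSM><security>
    <authEncryption><authentication>shared</authentication><encryption>WEP</encryption>
      <useOneX>true</useOneX></authEncryption>
  </security></MSM>
</WLANProfile>"""

if __name__ == "__main__":
    for label, prof in (("strong", STRONG_PROFILE), ("weak", WEAK_PROFILE)):
        print(label, validate_profile(prof))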